Verifiable. There's often no point in making a statement unless the relying party has some way of checking it is true. Note that this isn't always a requirement - I don't have to prove my address is mine to Amazon, because it's up to me where my goods get delivered. But I may have to prove I'm over 18 to get the porn delivered.

Minimal. This is the privacy preserving bit - I want to tell the relying party the very least he needs to know. I shouldn't have to reveal my date of birth, just prove I'm over 18 somehow.

Unlinkable. If the relying party or parties, or other actors in the system, can collude to link together my various assertions, then I've blown the minimality requirement out of the water.

Mind you, Ben claims that x.509 is not suitable because "standard X.509 statements are verifiable, but not minimal nor unlinkable." I'm troubled by that word "verifiable." Either an x.509 cert points to somewhere else and therefore it in itself is not verifiable, just a reliable pointer to somewhere else, or the somewhere else is included in which case we are no longer talking about x.509.

Still, this is one of those debates where words twist their meaning faster than the average security guy can think, so let's save that for the bar.